@pedroprg
Collaborator

@pedroprg pedroprg commented Aug 26, 2025

Description

This pull request introduces a new, reusable Terraform/OpenTofu module named github_oidc_role.

This module provisions the necessary AWS resources to allow GitHub Actions to authenticate with AWS using OpenID Connect (OIDC). It creates:

  • An aws_iam_openid_connect_provider for GitHub.
  • An aws_iam_role that GitHub Actions can assume.
  • An inline aws_iam_role_policy with permissions defined by the user.

The trust relationship is scoped to a specific GitHub organization, repository, and environment, ensuring that only workflows from the specified context can assume the role.

Motivation and Context

To enhance security and move away from long-lived IAM user credentials, we are adopting OIDC for authenticating our GitHub Actions workflows with AWS. This module standardizes the creation of the required IAM role and OIDC provider, making it easy and secure for any repository within the ufabc-next project to get temporary credentials. This approach eliminates the need to store AWS access keys as GitHub secrets.

Affected Modules

This is a new module, so it does not affect existing ones. The new module is located at:

  • aws/iam/github_oidc_role

How Has This Been Tested?

This is the initial commit for the module. An example usage will be added in a subsequent PR to demonstrate functionality and serve as a test case. The code has been validated locally.

  • terraform plan executed successfully.
  • terraform apply executed successfully.
  • tofu plan executed successfully.
  • tofu apply executed successfully.
  • Manual testing steps performed:
    1. Go to '...'
    2. Click on '....'
    3. See error '...'
  • Automated tests added/updated.

Test Configuration:

  • Terraform version:
  • OpenTofu version:
  • Provider versions:

Screenshots (if appropriate)

If your change affects any visual output (e.g., from a terraform plan or a UI), please add screenshots here.

Checklist

  • I have read the CONTRIBUTING.md document.
  • My code follows the code style of this project.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
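
The trust relationship the description scopes to a GitHub organization, repository and environment, written out as an added example (not the module code from this PR); the variable names, the role name and the use of the tls provider to obtain the provider thumbprint are assumptions:

```hcl
# Added example, not the ufabc-next module's own code. Variable names,
# role name and the tls_certificate lookup are assumptions.

variable "github_org"         { type = string } # e.g. "ufabc-next"
variable "github_repo"        { type = string } # e.g. "infra"
variable "github_environment" { type = string } # e.g. "production"

data "tls_certificate" "github" {
  url = "https://token.actions.githubusercontent.com/.well-known/openid-configuration"
}

resource "aws_iam_openid_connect_provider" "github" {
  url             = "https://token.actions.githubusercontent.com"
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = [data.tls_certificate.github.certificates[0].sha1_fingerprint]
}

data "aws_iam_policy_document" "trust" {
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]
    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.github.arn]
    }
    # The token audience must be STS; without this check any GitHub
    # token minted for another audience could be presented here.
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:aud"
      values   = ["sts.amazonaws.com"]
    }
    # The subject pins org, repo and environment exactly. A wildcard such
    # as "repo:org/*" would let every repository in the org assume the role.
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:sub"
      values   = ["repo:${var.github_org}/${var.github_repo}:environment:${var.github_environment}"]
    }
  }
}

resource "aws_iam_role" "github_actions" {
  name               = "github-oidc-${var.github_repo}"
  assume_role_policy = data.aws_iam_policy_document.trust.json
}
```

The permissions the role grants still come from a separate policy attached to aws_iam_role.github_actions; the trust policy above only controls who may assume it.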

@pedroprg pedroprg self-assigned this Aug 26, 2025
@ufabc-next ufabc-next deleted a comment from github-actions bot Aug 27, 2025
github-actions bot commented Aug 27, 2025

OpenTofu automated tests for module in aws/iam/github_oidc_role directory

OpenTofu Initialization ⚙️success

OpenTofu Validation 🤖success

Validation Output

Success! The configuration is valid.

OpenTofu Format 🖌success

Format Check Output


OpenTofu Tests 📖success

OpenTofu Test Output

tests/test.tftest.hcl... pass
  run "github_oidc_role"... pass

Success! 1 passed, 0 failed.

Pusher: @pedroprg, Action: pull_request, Working Directory: aws/iam/github_oidc_role, Workflow: Opentofu-Checks

github-actions bot commented Aug 27, 2025

TFLint Analysis for aws/iam/github_oidc_role 🧐success

TFLint Output


Pusher: @pedroprg, Action: pull_request, Workflow: Opentofu-Checks

@pedroprg pedroprg changed the title from "feat: add main.tf" to "Create github oidc role iam module" Aug 27, 2025
@pedroprg pedroprg requested a review from brMonteiro-G August 27, 2025 04:25
@github-actions
Release Plan

Module: aws/iam/github_oidc_role
Release Type: initial
Latest Version: (none, initial release)
New Version: v1.0.0

✅ Wiki Check ℹ️

Changelog

aws/iam/github_oidc_role/v1.0.0 (2025-08-27)

  • 🔀PR #1 - Create github oidc role iam module
  • chore: adjust module directory
  • fix: fix tflint issues

Powered by techpivot/terraform-module-releaser

@Joabesv
Member

Joabesv commented Sep 1, 2025

@pedroprg, is this one really meant to be public?
